If you are not aware, the cybersecurity industry is facing a significant skills shortage. This is further exaggerated by the fact that more and more devices are becoming IP connected either on the corporate network or via cloud services. For example, while I was in Dubai last year, I was fortunate enough to be invited to a physical security awards presentation and I was blown away by the innovation in the sector. From robotic security guards sweeping office corridors to Bluetooth door access control to name but a few. Many, if not all, of these devices resided on a backend server or cloud service controlling and presenting a compliance dashboard. Talking to a colleague recently, he made me aware of the ongoing influx of cheap hardware components from Asia such as surveillance cameras and while the economic business opportunity is understandable, we should give consideration to associated nation state risks.
The cyber industry has also witnessed the convergence of risks, between physical merging into cybersecurity controls and vice versa. Industry convergence can also be seen through system integrators such as Gallagher’s access control system. Which in order to utilise its comprehensive suite of capabilities, is required to integrate into active directory and hence move into the corporate IT network (other systems are available). The benefits if you get them right are attractive. Identifying a user is logged into the network in Newcastle but just swiped into the office in London can be good indicators of compromise. As well as removing system account access when an employee leaves the company and having physical access removed automatically can streamline security operations and governance.
So, what can we do? Well I hope to encourage combining strengths from both sectors by encouraging better collaboration. The National Cyber Security Centre responsible for protecting UK PLCs from cyber-attacks continues to highlight the risk of company supply chains as a key point of attack for hackers. This means companies cannot adequately protect themselves unless they start to have a much better grasp of all their interconnected devices.
Recently a US gas station was hacked and its payment system taken offline. This was all because a device was connected to the internet and not properly secured. To secure internet connected devices simple best practice such as changing default passwords and enabling two factor authentications can have a significant impact. But often even a simple step like this can have a significant impact on a system’s operation, which is why ‘Secure by Design’ is so important. We have also seen activity by malicious groups targeting supply chains to find weaknesses that they can exploit in order to move across the supply chain. So, if you provide a service to a larger company and more prominent from a risk perspective, it’s conceivable you will at some stage become a possible target.
My objective is to help individuals and companies become informed and hopefully share examples of good practice and collaboration across both sectors that could be adopted. So if you have any interesting stories please feel free to contact me.
This article was written by Mo Ahddoud, International Security Journal’s resident cybersecurity expert and CEO of MA Consulting Ltd. To find out more, please visit: https://www.macyberuk.com/